The principal objective of physical security is to prevent or signiﬁcantly delay unauthorised access to ESA premises, or to zones nested within the same premises, in order to protect the Agency’s personnel, assets, information and knowhow, while preserving suﬃcient freedom of movement and ﬂexibility for day-to-day operations. The measures adopted must be capable of providing protection in two ways: ﬁrstly, there is the need for protection in the event of forced or surreptitious entry and, secondly, there is the need for protection from malicious personnel who have legitimate access to a speciﬁc site.
Each single asset, whether a document, laptop, USB stick or a personal belonging such as a wallet or purse, must be protected correctly, according to its value and/or the sensitivity of the information it contains.
The physical protection of these assets should never depend on one safeguard alone. A cascade of protection measures will deter or delay attempts by non-authorised people to access a specific asset or information. This is the principle of “defence in depth".
Defence in depth is a strategy. It seeks to implement a balanced number of complementary physical protection measures in a layered approach - different Security Zones - with a concentric concept that gives protection from all directions and does not allow any specific protection measure to be 'bypassed'.
Its aim is to delay, rather than prevent, the advance of an unauthorised person trying to access a location, so as to allow the normal controls, checks and alarms to come into effect and alert colleagues and security guards. This allows ESA to balance its efforts between costs and benefits, and ensures that ESA staff work in a safe and pleasant environment that does not resemble a 'fortress'.